Hi,
I am creating a splunk alert trigger script which parses the output csv file. I am having a problem because the result file keeps disappearing. The trigger passes in the full path to csv file as one of the parameters. Sometimes my script is fast enough to read the file before it disappears, and sometimes it results in file not found. Why is that happening?
C://Program Files//Splunk//var//run//splunk//dispatch//rt_scheduler__admin__search__RMD5d51449b036e37dfe_at_1367973103_9662.290//results.csv.gz
Thanks
You might want to try the following option in your saved search definition:
dispatch.ttl =
* Indicates the time to live (in seconds) for the artifacts of the scheduled search, if no
actions are triggered.
Hope it will help.
Regards,
Olivier
You might want to try the following option in your saved search definition:
dispatch.ttl =
* Indicates the time to live (in seconds) for the artifacts of the scheduled search, if no
actions are triggered.
Hope it will help.
Regards,
Olivier